Comment Use cases for http (Score 1) 324
It seems Mozilla wants to move away from http, but here are some use cases they will be breaking:
I have a slow and expensive Internet connection used by a few people on a few different devices, I use a proxy-cache to improve page load times and reduce network traffic.
I am a parent, and while I try to be present whenever the kids use the internet, I run a proxy-filter (e.g. DansGuardian) to prevent them from stumbling across less suitable sites.
I am a service provider, and I use a transparent proxy to cache large files downloaded from international sites. This saves me about 10% of my running costs.
I am a service provider provoding internet access with high input costs, in order to provide reasonably-priced services I have quota-based products. In order to be friendly to my customers and avoid them incurring over-use charges, I inject JS notifications at various thresholds. With only HTTPS, I will just have to wait until they are over quota and then block all HTTPS traffic and hope I can redirect some HTTP traffic to a page informing them that they are over quota.
I am a security engineer for my company, for various reasons we need to be able to inspect http traffic (prevent users from visiting malicious sites, enforce productivity controls etc.).
Sure, there are technical means around some of these challenges (e.g. devices that ship with/use CA certs and dynamically generate SSL certs to MITM the traffic), but this initiative is just going to increase costs for everyone.
And who will benefit? Well, most of the main sponsors of Let's encrypt. Cisco will be selling you more network equipment that can MITM SSL, Akamai will get more business as ISPs will not be able to cache on their own and content owners will have to pay Akamai instead.
Maybe some affected parties will start blocking Firefox (or block ssl upgrade checks), or some service providers may start charging Firefox users more.
I am a supporter of open source and have used Firefox as my primary browser since before the 1.0 release, but some of the supposed security braindeadness has made life more difficult, and this is just another example, and may be the one that forces me to change to a web browser, instead of an HTTPS-only browser.